Storing Passwords Securely on your Mobile Device

I have a lot of accounts, and I’m willing to bet that you do as well. Banking websites, social websites, work accounts, WordPress accounts, DNS registrars, the list goes on and on. Each of these accounts typically requires a password, which makes for a lot of passwords. I could use the same password everywhere, or even just a small set of passwords, but the risk of having all my accounts compromised would increase with each account added that uses the same password. In order to reduce this risk, I keep my passwords unique to each account as much as possible.

Surprisingly, I manage to remember quite a few of them. But occasionally, especially for accounts that I don’t access often, I forget them. Since I’m not about to write my passwords on sticky notes and put them on my monitor or in a drawer, I use a program that stores my library of passwords in an encrypted file. This way I have one “master password” that gives me access to the hundreds (yes hundreds) of passwords I have.

Many years ago I used a program called STRIP (Secure Tool for Recalling Important Passwords) on my Palm device. This program worked great and I used it for about 9 years. However, a year ago I switched to an Android phone and STRIP is not supported on Android. I tried several different apps and eventually started using Callpod’s Keeper. At first, I really liked this program. I was using the free version, which at the time would allow you to back up the password file to the SD card, which was all I needed. However, after a few updates, the SD card backup feature disappeared from the free version in favor of their paid version, which syncs to a cloud service at $9.99/yr. This, combined with the fact that the program nags you constantly with a popup window to back up your data and then reminds you that you can’t because you have the free version, convinced me to start looking for a new password program.

After playing with several different free and paid versions, I re-discovered KeePassDroid. I remembered playing with it the first time I researched Android password programs and dismissing it because it didn’t have a backup capability. However, I had recently been playing with Dropbox and realized that I could put the KeePassDroid data file into Dropbox. Would this work? The short answer is yes! And it’s a delectable combination. Here’s how it works:

1) Install: KeePassDroid, Dropbox, and OI File Manager
You need KeePassDroid to manage your passwords, Dropbox to synchronize them off your phone, and the OI File Manager to make it easier to locate the files to upload in step 3.

2) Run KeePassDroid and create the default database in /mnt/sdcard/keepass/keepass.kdb
This sets up an empty database which you can now upload into Dropbox.

3) Run Dropbox and Menu/Upload/Any File/OI File Manager -> select the /mnt/sdcard/keepass/keepass.kdb
This will copy the keepass.kdb file into /mnt/sdcard/dropbox/keepass.kdb where Dropbox can manage it.

4) Run KeePassDroid and from the main screen (where you select the database file and enter the password) click on the Folder icon and navigate to home/mnt/sdcard/dropbox and select keepass.kdb

5) If you want to clean up, you can remove the /mnt/sdcard/keepass/keepass.kdb file – it won’t be needed anymore since you will only access the file in the dropbox folder.
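A check worth running before step 5, as an added example that is not part of the original post: it confirms that the copy in the Dropbox folder is a well-formed KeePass 1.x file and byte-identical to the original before the original is deleted. The header layout and signature values come from the KeePass 1.x file format rather than from this page, the function names are hypothetical, and the sample database is constructed.

```python
import hashlib
import struct

# KeePass 1.x (.kdb) fixed 124-byte header, little-endian:
# sig1, sig2, flags, version, master seed, IV, group count, entry count,
# contents hash, transform seed, key-transform rounds.
KDB_HEADER = struct.Struct("<4I16s16s2I32s32sI")
KDB_SIG = (0x9AA2D903, 0xB54BFB65)
CIPHER_FLAGS = {2: "AES", 8: "Twofish"}


def parse_kdb_header(data):
    """Return header facts for a KeePass 1.x file; raise ValueError otherwise."""
    if len(data) < KDB_HEADER.size:
        raise ValueError("shorter than a KDB header (incomplete sync?)")
    (sig1, sig2, flags, version, _seed, _iv,
     groups, entries, _hash, _tseed, rounds) = KDB_HEADER.unpack_from(data)
    if (sig1, sig2) != KDB_SIG:
        raise ValueError("not a KeePass 1.x database")
    ciphers = [name for bit, name in CIPHER_FLAGS.items() if flags & bit]
    if len(ciphers) != 1:
        raise ValueError("header does not name exactly one cipher")
    return {"cipher": ciphers[0], "version": version,
            "groups": groups, "entries": entries, "rounds": rounds}


def safe_to_remove_original(original, synced):
    """True only if the synced bytes are a valid KDB identical to the original.

    Real use: pass open(path, "rb").read() for each of the two files.
    """
    try:
        parse_kdb_header(synced)
    except ValueError:
        return False
    return hashlib.sha256(original).digest() == hashlib.sha256(synced).digest()


def sample_kdb(rounds=6000):
    """Constructed sample: a plausible header followed by dummy ciphertext."""
    header = KDB_HEADER.pack(*KDB_SIG, 1 | 2, 0x00030002, b"\x11" * 16,
                             b"\x22" * 16, 1, 0, b"\x33" * 32, b"\x44" * 32, rounds)
    return header + b"\x00" * 64


if __name__ == "__main__":
    db = sample_kdb()
    print(parse_kdb_header(db))
    print("identical copy:", safe_to_remove_original(db, db))
    print("truncated copy:", safe_to_remove_original(db, db[:100]))
```

The header fields are stored unencrypted, so the check needs no master password and never touches the entries themselves.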

Once this is set up, you can launch KeePassDroid by running Dropbox and then clicking on the “keepass.kdb” file. Opening the file this way will ensure that Dropbox uploads any changes you make to the database file.

So, why go to all this extra work? Two big reasons: First, if you ever lose your phone or run it over with a car, you have an up-to-date version of your password database “in the cloud” that you can reload on a new phone. Second, you can now manage your passwords from other devices! I’m running Dropbox on my OSX desktop along with KeePassX and I can now access or update my password database from my phone and my desktop. That’s delicious.

Of course, there is no reason you have to stop there. I haven’t tried this yet, but since KeePassDroid can manage several database files, you could create a second one, maybe “family.kdb”, and then in a shared Dropbox folder you could share the database file with other members of your family. Or perhaps a “work.kdb” and share passwords with co-workers, etc.

In summary: KeePassDroid works great, it’s free, and when combined with Dropbox it has great syncing, backup and possible sharing capability.

And mobile developers please take note: I *hate* nagware, and I suspect other people do as well. I hate it so much that I would never consider buying software that resorts to it – it’s an instant sale killer for me. When implementing the free/paid mobile app model, it’s important to give users a fully functional free version that works and doesn’t nag. This way, people are inclined to install it and to keep using it because it’s free and works great. And then if the paid version has a few really cool, but not functionally important features then I think people will be more likely to upgrade.